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DETAILED ACTION 

Claims 1-8 are presented for examination. 



Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



Claims 1-8 rejected under 35 U.S.C. 103(a) as being unpatentable over Devine 
et al. (US Patent No. 6,598,167) and further in view of Grantges et al . (US 
Patent No. 6,510,464). 



Regarding claim 1 , Devine etaL discloses a method for communicating to a 
server machine a certificate of a user sent by a client machine via a security 
module of a computer system, wherein a first protocol used between the client 
machine and the server machine is an HTTP or an equivalent protocol, and a 
second security protocol such as SSL or an equivalent protocol is implemented 
between the client machine and the security module, said method comprising: 
transmitting the request, including said cookie header containing said certificate, 
from the security module to the server machine (0029,0066.0083,0130 and 
0131). 
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Devine et al. is silent in disclosing inserting said certificate into a cookie header 
of a request in the first protocol, however Grantaes et al. doses disclose this 
limitation (col. 2 lines 36-54 and col. 10 lines 6-31). It would have been obvious 
for one of ordinary skill in the art, at the time of the invention, to combine the 
secure gateway having routing feature of Grantqes et al. with the secure 
customer interface for web based data management of Devine et al. Grantqes et 
al. provide motivation for this combination in the recitation, "In a preferred 
embodiment, the identifier comprises a character string associate with the 
application to which the user of the remote client computer is provided access. 
The gateway is configured to create a cookie containing the identifier wherein 
subsequent requests made by the client computer also include the cookie 
containing the identifier. Through the foregoing, the identification of the selected 
application is known by the gateway (col. 3 lines 21-29 of Grantqes et al. )." 
Therefore it would have been obvious to combine these concepts as it is the 
preferred manner of provided increased security to transmitted messages. 

Regarding claim 2 . Devine et al. . discloses method according to claim 1 , further 
comprising: removing from said certificate all separators used in headers of the 
request prior to insertion of said certificate into said cookie header (01 31 of 
Devine et al.) . 
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Regarding claim 3 . Devine et al. . discloses a method according to claim 1, further 
comprising: determining, prior to the inserting step, whether an existing cookie 
header is present in the request sent by the client machine, and creating a new 
cookie header if said existing cookie header is not present in the request sent by 
the client machine. (0124 of De vine et al.) . 

Regarding claim 4 . Devine et al. . is silent in disclosing a method according to 
claim 3, further comprising: adding a specific cookie into the existing or new 
cookie header, and assigning a configurable default name to said specific cookie 
to enable the server machine to distinguish the certificate from cookies of the 
request, however Grantqes et al. doses disclose this limitation (col. 2 lines 36-54 
and col. 10 lines 6-31). It would have been obvious for one of ordinary skill in the 
art, at the time of the invention, to combine the secure gateway having routing 
feature of Grantqes et al. with the secure customer interface for web based data 
management of Devine et al. Grantqes et al. provide motivation for this 
combination in the recitation, "In a preferred embodiment, the identifier comprises 
a character string associate with the application to which the user of the remote 
client computer is provided access. The gateway is configured to create a cookie 
containing the identifier wherein subsequent requests made by the client 
computer also include the cookie containing the identifier. Through the foregoing, 
the identification of the selected application is known by the gateway (col. 3 lines 
21-29 of Grantqes et al.) ." Therefore it would have been obvious to combine 



Application/Control Number: 10/053,703 Page 5 

Art Unit: 2136 

these concepts as it is the preferred manner of provided increased security to 
transmitted messages. 

Regarding claim 5 , Devine etaL discloses a method according to claim 1, 
further comprising: transmitting to the server machine the request sent by the 
client machine into which the certificate has been inserted (0130 and 0131 of 
Devine et al.) . 

Regarding claim 6 , Devine etaL , is silent in disclosing a security machine for 
securing exchanges between a client machine and a server machine of a 
computer system, wherein a first protocol used between the client machine and 
server machine is an HTTP or an equivalent protocol, and a second security 
protocol such as SSL or an equivalent protocol is implemented between the 
client machine and said security machine, said security machine comprising: an 
analyzer for enabling the transmission of a certificate into a cookie header of an 
HTTP or equivalent request (0130 and 0131 of Devine et al.) . 

Regarding claim 7 , Devine et al. , discloses a system comprising: 

a client machine, a server machine, and a security module (0029, 0066, 0083, 

0130 and 0131 of Devine et aL) . 
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Devine et al. . is silent in disclosing a first protocol used between the client 
machine and the server machine is an HTTP or an equivalent protocol, wherein a 
second security protocol such as SSL or an equivalent protocol is implemented 
between the client machine and the security module, and wherein the security 
module comprises an analyzing program for enabling transmission of a certificate 
sent by the client machine into a cookie header of an HTTP or equivalent 
request, however Grantqes et al. doses disclose this limitation (col. 2 lines 36-54 
and col. 10 lines 6-31). It would have been obvious for one of ordinary skill in the 
art, at the time of the invention, to combine the secure gateway having routing 
feature of Grantqes et al. with the secure customer interface for web based data 
management of Devine et al. Grantqes et al. provide motivation for this 
combination in the recitation, "In a preferred embodiment, the identifier comprises 
a character string associate with the application to which the user of the remote 
client computer is provided access. The gateway is configured to create a cookie 
containing the identifier wherein subsequent requests made by the client 
computer also include the cookie containing the identifier. Through the foregoing, 
the identification of the selected application is known by the gateway (col. 3 lines 
21-29 of Grantqes et al.) ." Therefore it would have been obvious to combine 
these concepts as it is the preferred manner of provided increased security to 
transmitted messages. 
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Regarding claim 8 , Devine et al. . discloses program integrated into a security 
module that allows the method according to claim 1 to be executed when the 
program is run in a machine (0149 of Devine et al.). 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chinwendu C. Okoronkwo whose telephone number is 
(571) 272 2662. The examiner can normally be reached on MWF 9:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571) 272 4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 



Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



273-8300. 
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